Would your site pass a privacy audit?
Reason 1: Protecting your company
Reason 2: Persuading website users to trust you
The dirty secret of most privacy policies
Lots of data collection points = lots of chances to miss something
Here are just a few of the ways your site may be collecting user data:
- Site analytics
- Member profiles
- Internal ad server
- 3rd-party ad server
- Ad networks
- Behavioral targeting platforms
- Affiliate programs
- User-generated comments
- Content recommendation engines
It’s unlikely you have a single person who understands all these systems and how they are used. You’ll need to interview developers, sales, marketing and customer service at a minimum.
Privacy Choice is a quick way to get a handle on some of that complexity. Their tool runs a site audit to see what tracking cookies and beacons are present, from third parties such as web analytics firms, ad networks, exchanges and optimizers. Privacy Choice has normalized the privacy policies of these third parties into four buckets: user anonymity, data sharing, uses of sensitive data, and policies for deleting user data over time.
The most common red flags
“We don’t share your information with 3rd parties”
It’s a warm and fuzzy statement that is nearly always false. There are plenty of legitimate third parties with which every site owner must share user information. These include the site’s hosting company, the user’s own ISP, the company that delivers any purchases, the banks clearing credit card payments, and many more.
“We collect your information through the form you complete on the site.”
It is likely you are also collecting personal information about the user from e-mail, faxes, telephone calls, postal mail or other communications with them, as well as from outside sources such as credit card processors, database vendors and list brokers.
These are a quick and easy way to generate an accurate disclosure that will cover the most common areas of concern. They are better than the copy-and-paste approach. However, the output of these tools is only as good as the knowledge that goes into answering their canned questions.
2. Hire a privacy consultant
3. Hire an attorney with online privacy expertise
An attorney familiar with online data rules and laws can guide you through the discovery process of mapping how your publication collects, uses and shares data. This is essential if the policy is to be accurate as well as flexible enough for future use. The International Association of Privacy Professionals (IAPP) certifies consultants and attorneys in this area of expertise, and you may be able to get a referral from them. However, you’ll likely have to become a member to get access to the professionals they certify.